CODEWITHSUNDEEP
phpsqlinsert
Tom36
Tom36

Reputation: 152

Inserting user updates into SQL with PHP

I think I am really close now - there are no more nasty Orange boxes with errors in - the only problem I can see at the moment is that once I update the table (after the 

$qry = "UPDATE 'members' ('employer', 'flat') WHERE login='$login_name' VALUES ". " ('$employ', $address')";

) I get the message "No rows updated" echo to the screen!

Any ideas what the problem is? Thanks.

<?php
    //Start session
    session_start();
    $_SESSION['SESS_LOGIN'];
    //Include database connection details
    require_once('config.php');

//Array to store validation errors
    $errmsg_arr = array();

    //Validation error flag
    $errflag = false;

    //Connect to mysql server
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
    if(!$link) {
        die('Failed to connect to server: ' . mysql_error());
    }

    //Select database
    $db = mysql_select_db(DB_DATABASE);
    if(!$db) {
        die("Unable to select database");
    }

    //Function to sanitize values received from the form. Prevents SQL injection
    function clean($str) {
        $str = @trim($str);
        if(get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return mysql_real_escape_string($str);
    }

    //Sanitize the POST values
    $employ = clean($_POST['employer']);
    $address = clean($_POST['flat']);



?>



<?Php
//Insert employer and address into database row for logged in user.    
$login_name = $_POST['login_name'] ;
$qry = "UPDATE 'members' ('employer', 'flat') WHERE login='$login_name' VALUES ". "     ('$employ', $address')" ;



    $result = @mysql_query($link, $qry);
    //Check whether the query was successful or not
    if(!$result) {
        echo "No rows updated";
        exit();
    }else {
        echo "Success";
    }
?>

Upvotes: 0

Views: 52

Answers (2)

imulsion
imulsion

Reputation: 9040

Don't use VALUES, use SET:

"UPDATE `members` SET `employer` = '".$employ."', `flat` = '".$address."' WHERE `login`='".$login_name."'"

Upvotes: 2

ferdynator
ferdynator

Reputation: 6410

First of all you should not suppress error messages by using the @ opperator if you are looking for issues in your code. Also you are using the wrong parentheses (' instead of `). The rest of your code looks fine. maybe you need to give us some info about the database structure otherwise

Upvotes: 0

Related Questions